Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NoubHPnCopmSwzW_c4mBH-TDhww.roa
File:                     NoubHPnCopmSwzW_c4mBH-TDhww.roa (raw, json)
Hash identifier:          RQJDPEcnbXdQ+TdedVJ8HFqE21+IFRq823CUQem4b8Q=
Subject key identifier:   36:8B:9B:1C:F9:C2:A2:99:92:C3:35:BF:73:89:81:1F:E4:C3:87:0C
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E29D6AB9BB760304BA7C4A3B452C8
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NoubHPnCopmSwzW_c4mBH-TDhww.roa
Signing time:             Tue 26 May 2026 07:44:38 +0000
ROA not before:           Tue 26 May 2026 07:44:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208504
IP address blocks:        82.153.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:29:d6:ab:9b:b7:60:30:4b:a7:c4:a3:b4:52:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=368b9b1cf9c2a29992c335bf7389811fe4c3870c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b6:b1:71:01:16:f0:1e:28:1d:52:a7:db:b0:
                    58:cf:25:6d:fb:36:6d:0b:9e:8e:47:ab:4b:bb:66:
                    9c:cd:cb:af:a7:1f:e7:c1:a2:9d:a3:11:a9:81:c8:
                    a6:0f:db:d0:11:0e:bb:7f:be:0c:f6:74:70:88:6b:
                    67:bc:8a:f8:17:37:87:53:ea:39:b8:e1:63:fe:6b:
                    2c:b9:ad:63:5a:ac:5e:cf:67:5f:74:31:c5:8a:bf:
                    2e:3c:e4:ee:eb:b2:b2:7e:42:a6:50:9b:e6:2f:3d:
                    0d:02:ec:cb:a7:4e:19:cd:40:1a:f6:f7:b7:5f:71:
                    3d:60:d8:61:0b:1a:9b:80:6b:19:5b:3b:48:29:9d:
                    65:a9:c6:d1:2c:4a:6a:f5:5b:1a:b9:a7:13:5d:77:
                    ca:18:c7:a0:0e:a5:26:10:20:08:18:7f:75:e3:9a:
                    13:6d:d4:3e:27:92:4f:93:4e:fd:e6:e3:5f:26:29:
                    b2:2f:75:d5:c0:83:6c:53:72:8d:1c:aa:04:17:75:
                    c0:b5:d9:67:cc:65:08:af:43:f1:85:c5:56:1a:00:
                    b2:ad:d6:71:ba:87:0e:9f:50:77:35:0c:97:d9:e2:
                    0d:6d:5f:ca:29:c2:df:c1:b8:86:b4:0b:71:22:c3:
                    96:92:f2:29:23:d6:6d:22:07:c9:fa:2e:f6:4a:a4:
                    3b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:8B:9B:1C:F9:C2:A2:99:92:C3:35:BF:73:89:81:1F:E4:C3:87:0C
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/NoubHPnCopmSwzW_c4mBH-TDhww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:58:02:4e:eb:eb:00:4b:aa:09:b2:d4:96:6c:81:ff:2a:36:
         e8:31:5a:c3:b8:58:4f:66:43:2c:ff:99:7e:4e:f2:a5:3c:ab:
         9e:fc:41:76:15:27:08:ec:fc:7d:e4:bc:4a:b8:97:ed:ed:f2:
         7c:50:23:48:ea:32:8b:d7:a3:b2:7d:30:4d:b3:27:fb:27:81:
         ca:f7:6a:fd:01:e2:82:5e:bc:61:79:a3:4c:cf:c8:f9:e1:1d:
         eb:35:b5:34:12:e8:bc:96:cb:f7:0d:eb:99:5b:53:3f:01:d8:
         42:00:04:a3:8f:13:d2:2c:b9:5c:ec:a0:aa:fd:ea:cf:fa:12:
         11:cf:16:15:97:43:04:8e:53:f2:e1:b5:23:87:5e:fc:3f:b0:
         e5:1a:bc:77:04:60:97:a4:8f:31:dc:4c:de:85:89:1a:cf:22:
         d4:25:dd:76:58:f5:0e:7b:02:8f:78:4a:37:b6:32:a6:2b:7e:
         f4:8d:44:bb:3a:5f:ec:ec:3c:9b:bb:5c:b3:1a:43:39:8f:2a:
         2d:d1:85:e3:24:90:c0:c9:60:11:4c:f1:1a:37:89:81:e1:03:
         c4:19:1f:f2:39:cb:a7:1b:1a:77:0a:ff:d7:74:83:1d:4a:c3:
         e6:95:72:39:4a:4f:d6:ab:f1:29:00:dd:71:8a:e2:ed:0d:80:
         d6:f5:71:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jPinWq5u3YDBLp8SjtFLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjhiOWIxY2Y5YzJhMjk5OTJjMzM1YmY3Mzg5ODExZmU0YzM4NzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7axcQEW8B4oHVKn27BYzyVt+zZt
C56OR6tLu2aczcuvpx/nwaKdoxGpgcimD9vQEQ67f74M9nRwiGtnvIr4FzeHU+o5
uOFj/mssua1jWqxez2dfdDHFir8uPOTu67KyfkKmUJvmLz0NAuzLp04ZzUAa9ve3
X3E9YNhhCxqbgGsZWztIKZ1lqcbRLEpq9VsauacTXXfKGMegDqUmECAIGH9145oT
bdQ+J5JPk0795uNfJimyL3XVwINsU3KNHKoEF3XAtdlnzGUIr0PxhcVWGgCyrdZx
uocOn1B3NQyX2eINbV/KKcLfwbiGtAtxIsOWkvIpI9ZtIgfJ+i72SqQ7vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaLmxz5wqKZksM1v3OJgR/kw4cMMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTm91YkhQbkNvcG1Td3pXX2M0bUJILVREaHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnzMA0G
CSqGSIb3DQEBCwUAA4IBAQCcWAJO6+sAS6oJstSWbIH/KjboMVrDuFhPZkMs/5l+
TvKlPKue/EF2FScI7Px95LxKuJft7fJ8UCNI6jKL16OyfTBNsyf7J4HK92r9AeKC
XrxheaNMz8j54R3rNbU0Eui8lsv3DeuZW1M/AdhCAASjjxPSLLlc7KCq/erP+hIR
zxYVl0MEjlPy4bUjh178P7DlGrx3BGCXpI8x3EzehYkazyLUJd12WPUOewKPeEo3
tjKmK370jUS7Ol/s7Dybu1yzGkM5jyot0YXjJJDAyWARTPEaN4mB4QPEGR/yOcun
Gxp3Cv/XdIMdSsPmlXI5Sk/Wq/EpAN1xiuLtDYDW9XGn
-----END CERTIFICATE-----